
Research on Network Intrusion Detection Based on Data Mining

Posted on: 2015-08-11 | Degree: Master | Type: Thesis
Country: China | Candidate: X X Xing | Full Text: PDF
GTID: 2298330467468229 | Subject: Electronics and Communications Engineering
Abstract/Summary:
In recent years, with economic development and growing demand for power products in the computer and communications industries, research on power-related technology has become an international hotspot in the field of power electronics. Therefore, the study of the switch mode power supply, which is known for advantages such as small size, light weight, stability and reliability, not only has great theoretical significance but also great economic and social benefits.

With the rapid development of network technology, computer networks have been widely applied to various fields of human activity and have a great influence on society, the economy and people's lives. Network security problems have now gained widespread attention. Faced with the serious network security situation, effective network security technology is urgently needed.

Intrusion detection technology is an important network security technology. To address the existing deficiencies of intrusion detection, the thesis proposes a new method based on data mining technology to improve its performance. Data mining can extract useful information from large amounts of data, and the work of intrusion detection is to classify and filter data, so data mining techniques can be applied to intrusion detection to enhance its scalability and adaptability. This thesis analyzes the development of intrusion detection and then elaborates on the data mining algorithms used in intrusion detection. In comparison with the traditional intrusion detection system, the thesis gives a new model based on data mining, describes the function of each module in detail, and gives a concrete implementation of each.

In the training module, clustering is used to distinguish between normal and abnormal data, and the association algorithm and the sequential pattern mining algorithm are used to find the association rules and sequence rules that exist in the data. The rules used in the system have a format like that of Snort rules. Since the mined rules may not be consistent with the Snort rule format, they need to be converted and are then loaded into the rule base.

For detection, the association algorithm and the sequential pattern mining algorithm are used to find association rules and sequence pattern rules in the test data. Misuse detection is performed first: if the rules extracted from the test data match rules in the misuse base, there are intrusion behaviors in the test data. If the rules do not match, they are then compared against the abnormal rules base. If matching rules exist in the abnormal rules base, the test data is normal data. If the rules still cannot be matched, the data is processed by the control center.

The data used in the experiments is the KDDCup99 data, which was collected from a simulated USAF LAN. Data collection lasted nine weeks and covers five million sessions. The data include training data and test data; the training data are labeled and the test data are not. There are four types of attack that exist only in the test set. Each network connection has a total of 41 feature attributes, including 34 continuous-valued attributes and seven discrete-valued attributes. The features are divided into three categories: basic features of network connections, content features of network connections, and traffic features of network connections. The data were then preprocessed and used for rule extraction. After verification of the overall system, the thesis shows that the data mining-based network intrusion detection system has a high detection rate and a low false alarm rate. The experiments also show that, compared with using the clustering algorithm alone, combining the three data mining algorithms gives higher detection efficiency and a lower false alarm rate.
Keywords/Search Tags: intrusion detection, data mining, clustering, rule extraction
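The detection order described in the abstract (misuse rule base first, then the second rule base whose match marks data as normal, otherwise the control center), as an added Python example that is not code from the thesis. It assumes labeled training records in place of the clustering step, plain frequent attribute=value itemsets in place of the thesis's association and sequential pattern rules, and per-record matching; the records are constructed and all function names are hypothetical.

```python
from collections import Counter
from itertools import combinations

# Constructed KDD Cup 99-style records (3 of the 41 attributes); not real data.
TRAIN = [
    ({"protocol_type": "tcp", "service": "http", "flag": "SF"}, "normal"),
    ({"protocol_type": "tcp", "service": "http", "flag": "SF"}, "normal"),
    ({"protocol_type": "tcp", "service": "smtp", "flag": "SF"}, "normal"),
    ({"protocol_type": "udp", "service": "domain_u", "flag": "SF"}, "normal"),
    ({"protocol_type": "tcp", "service": "private", "flag": "S0"}, "neptune"),
    ({"protocol_type": "tcp", "service": "private", "flag": "S0"}, "neptune"),
    ({"protocol_type": "tcp", "service": "telnet", "flag": "S0"}, "neptune"),
]

def mine_itemsets(records, min_support, max_len=2):
    """Frequent attribute=value itemsets with support >= min_support."""
    counts = Counter()
    for rec in records:
        for k in range(1, max_len + 1):
            for combo in combinations(sorted(rec.items()), k):
                counts[frozenset(combo)] += 1
    return {s for s, c in counts.items() if c / len(records) >= min_support}

def build_rule_bases(train, min_support=0.6):
    """Return (misuse_base, normal_base) mined from labeled training data."""
    attack = [rec for rec, label in train if label != "normal"]
    normal = [rec for rec, label in train if label == "normal"]
    attack_sets = mine_itemsets(attack, min_support)
    normal_sets = mine_itemsets(normal, min_support)
    # Itemsets frequent in both classes (here protocol_type=tcp) do not
    # discriminate, so they are kept out of both rule bases.
    return attack_sets - normal_sets, normal_sets - attack_sets

def classify(record, misuse_base, normal_base):
    """Misuse check first, then the normal-behaviour base, else escalate."""
    items = set(record.items())
    if any(rule <= items for rule in misuse_base):
        return "intrusion"
    if any(rule <= items for rule in normal_base):
        return "normal"
    return "control_center"  # matched neither base: hand to the control center

if __name__ == "__main__":
    misuse_base, normal_base = build_rule_bases(TRAIN)
    for rec in ({"protocol_type": "tcp", "service": "private", "flag": "S0"},
                {"protocol_type": "udp", "service": "domain_u", "flag": "SF"},
                {"protocol_type": "tcp", "service": "ftp", "flag": "REJ"}):
        print(rec, "->", classify(rec, misuse_base, normal_base))
```

The third record matches neither base because its only item seen in training, protocol_type=tcp, is frequent in both classes and was dropped.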